Re: Destiney Rated Images Script v0.5.0 - XSS Vulnv May 26 2006 05:18AM
Steven M. Christey (coley mitre org)

Webmaster at destiney said:

> I pasted the following example XSS code into both form fields, and saw
> no evidence of XSS vulnerabilities:
>
> <DIV STYLE="background-image: url(javascript:alert('XSS'))">

According to the XSS cheat sheet at http://ha.ckers.org/xss.html,
STYLE attributes in DIV tags are only effective in the Internet
Explorer rendering engine (they worked fine for me in IE but not
mozilla).

Were you using IE when you checked these results?

- Steve

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus